Vitrium Content Security and DRM Blog


Safeguarding Sensitive Financial Data

October 15, 2015

Chances are your business collects and stores your customers’ personal information. This is especially true if you’re in the financial industry. You may not know it, but it is your company’s legal responsibility to ensure that the data it collects is handled and stored properly. If your customers become victims of identity theft because of your company’s poor practices, your company will be held legally responsible.

Under the Gramm-Leach-Bliley Act, all financial institutions are required to explain their information sharing practices to their customers and protect their sensitive data. Financial institutions are required to comply with the Safeguards Rule by developing a written information security plan. This plan must describe their program to protect customer information.

There are a few components that each company must address in its plan. Each company must:

Designate one or more employees to coordinate its information security program;

Identify and evaluate risks to customer information in each part of the company’s operation;

Create and apply a safeguards program, and regularly monitor and test that program;

Select service providers that can maintain the appropriate standards;

Review and update the program as the business evolves.

The Federal Trade Commission (FTC) has made the requirements flexible so that each business can develop a plan appropriate to its size, scope, and operations. The implementation of the plan is also flexible and can vary between companies. As an example, a company can choose to designate one employee to be responsible for the safeguards program or assign the responsibility to a team of employees.

Lastly, your company should also take into consideration any unique risks created by its operational practices. Your company may want to be especially careful if it allows employees to access customer information from home or other off-site locations. Data transmitted outside of your company’s network can also raise additional risks.